Re: suexec permissions

[Zeljko Brajdic <zeljko.brajdic@iskon.hr>]

On Mon, 2005-01-10 at 10:48 +0100, nodata wrote:
> Good morning,
> 
> I'm having a some permissions trouble with suexec running on Sarge.
> 
> I have a virtualhost for a user called Bob which specifies User Bob and
> Group Bob in the /etc/apache/conf.d/bob.conf file.
> 
> The permissions on /var/www/bob are:
>  drwx------   2 bob  bob     4096 Jan 10 10:30 cgi-bin
>  drwx------  26 bob  bob     4096 Jan 10 10:30 htdocs
> 
> and the permissions on /var/www/bob/htdocs/index.html are:
>  drwx------   1 bob  bob     4096 Jan 10 10:30 index.html
> 
> When I restart Apache, I get the following message in the Apache error log:
>  [Mon Jan 10 10:35:00 2005] [notice] suEXEC mechanism enabled (wrapper:
> /usr/lib/apache/suexec)
> 
> But when I try to access index.html, bob's error log shows:
> 
> [Mon Jan 10 10:36:00 2005] [error] [client 10.1.1.1] (13)Permission
> denied: access to /index.html failed because search permissions are
> missing on a component of the path
> 
Ofcourse you get this. Apache is run under www-data user and with this
permissions www-data user cant stat any CGI in Bob's directory. You must
put execute/access permission on directory and that is access bit (x)
for directories.

`chmod 701 /var/www/bob` and same for any directory where apache
(www-data) must enter to get files/scripts.

With this setup other users can enter his directory but can't read
anything. If they try to something like `ls -l` they'll get "ls: .:
Permission denied"
-- 
v            ,   v  v
Zeljko Brajdic - Zorz